Doctor Invades Medical Privacy of 2 Ex-Girlfriends

A hospital has lodged a police complaint against a doctor who accessed medical records of two ex-girlfriends in 2007 and 2009.

In one case he accessed his girlfriends medical records on learning she was being treated for a sexually transmitted disease. He claimed to be worried about contracting the disease from her.

In the second case the doctor accessed his other girlfriend's medical records to find out when she had appointments at the hospital. He wanted to avoid her since he claimed the woman was stalking him and threatening him.

Download a white paper on patient privacy breach detection. Learn how to proactively identify breaches of patient privacy - with no hardware and no on-site software.

The second girlfriend brought the doctors action to the attention of the hospital when she filed a complaint against the doctor in August 2009.

Sources:
(a) Hospital takes action on doctor who accessed records - YourHealth, AsiaOne, 1/21/2012

Share

Lawsuit over Medical Privacy Breach Regarding HIV Testing

A city employee filed suit because information about her HIV test was shared with people who were not her healthcare provider.

The woman, identified as Jane Doe in the suit, filed a lawsuit for injury to her reputation, loss of wages and the cost of therapy, emotional pain, suffering, inconvenience, mental anguish, loss of enjoyment of life and loss of consortium.

The suit states she was injured by a hypodermic needle while on the job and subsequently underwent HIV testing. Her medical information was them shared with more than 50 people the lawsuit alleges. One of those people called Jane Doe at home asking if her husband knew about the HIV test.

“Inquiries into Jane Doe’s medical status continued for months .... and comments are made to Jane Doe when she is at the grocery store or leaves her house,” - Lawsuit filing.

The complaint alleges violations of state law forbidding “disclosure of identity of person investigated or requesting HIV antibody testing” and by publishing a matter concerning the private life of another when the information would be highly offensive to a reasonable person.”

Sources:
(a) Worker sues Oak Harbor over HIV test publicity - Whidbey News Times, Jan 31 2012

Share

Help Childrens Hospitals - National Pancake Day

As an official partner of Children’s Miracle Network Hospitals, Veriphyr wants to encourage everyone to support IHOP’s National Pancake Day on Tuesday, February 28, 2012

IHOP Restaurants and Veriphyr partners with Children’s Miracle Network Hospitals to help improve the lives of millions of sick children. We welcome the opportunity to collaborate with IHOP in support of this great cause and, frankly, we’d hate for you to miss out on free pancakes!

How it Works: IHOP invites guests to visit their local IHOP restaurant on National Pancake Day and receive a free short stack of its famous buttermilk pancakes from 7 a.m. – 10 p.m. In return, they ask that you make a voluntary donation to Children’s Miracle Network Hospitals (or, in select markets, another local charity) while at the restaurant.

For more information on National Pancake Day and to find a participating IHOP near you, please go to www.IHOPPancakeDay.com.

US Healthcare Regulators on Patient Privacy Breach Detection

"HIPAA says ... you need to have some sort of auditing procedure in place so that you can detect when people are doing record snooping. Then when you realize that something is awry, you need to look into it and take appropriate action. It’s a common-sense approach at the end of the day.” - Leon Rodriguez, Director of the Office for Civil Rights of the Department of Health and Human Services.

Download a white paper on automated auditing procedure for snooping. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.

Sources:
(a) Expect Stronger Enforcement of HIPAA Privacy and Security Rules, Experts Say - Triangle Medical News, Febuary 22, 2012

Share

Gartner Survey - #1 Priority for 2012 is Business Intelligence and Analytics

Business intelligence and analytics is the No. 1 technology priority for 2012, according to a new Gartner survey of more than 2,300 CIPs The 2nd and 3rd priority are cloud and SaaS.

For more see - http://www.gartner.com/technology/summits/na/business-intelligence/index.jsp

HIMSS Leadership Survey on Privacy and Security

The Healthcare Information and Management Systems Society published their 23rd Annual HIMSS Leadership Survey. I have extracted some of the highpoints from a security and privacy perspective.

"Compliance with HIPAA security regulations and CMS security audits were their top concerns with regard to security at their organizations." - 23rd HIMSS Leadership Survey

Respondents were somewhat less likely to identify funding/financial support for the security process as a barrier than they were in the past. While selected by 13 percent of respondents in 2012, 17 percent of respondents selected this same issue in 2011.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.

Sources:
(a) 23rd Annual HIMSS Leadership Survey - HIMSS, February 21, 2012

Share

Clerk Breaches Patient Privacy for 6 Years

For over 6 years a healthcare organization and its half million patients were victims of privacy breaches by a clerk who booked appointments.

The clerk began "snooping" on electronic medical records in 2005 and continued to snoop until the fall of 2011 when hospital staff suspicions led to a formal investigation in October.

Download a white paper on patient privacy breach detection. Proactively identify breaches of data privacy - with no hardware and no on-site software.

The initial investigation found 15 patients whose privacy was violated and an audit of all the clerk's transactions found all 120 patient who were victimized.

“We are extremely disappointed that these breaches occurred. We remain confident in the ethical practices of employees. With rare exception, our confidence is rewarded,” - Hospital spokeperson

The clerk was on leave when the initial breaches were identified and left the hospital in January before the rest of the breaches were discovered.

The hospital could not confirm whether the employee was fired, but said it reserves the right to terminate employees when privacy breaches occur.

Learn more about how to proactively detect privacy breaches by insiders.

Sources:
(a) Nova Scotia health board reports privacy breach involving 120 people - The Globe and Mail,2/14/2012

Share

WSJ - Privacy Concerns Hinder Health IT Adoption

The Wall Street Journal asks, "What’s standing in the way of the wider spread of health IT?" The WSJ's answers is that consumers are worried about privacy and security and points to a new report by the Bipartisan Policy Center.

"All entities that access, use and disclose consumers’ personal health information should be required to comply with privacy and security requirements that are at least as comprehensive as those applicable to entities covered under HIPAA,” the federal medical privacy rule." - Recommendation in Bipartisan Policy Center report co-chaired by former Sens. Bill Frist and Tom Daschle.

Sources:
(a) What Are the Obstacles to Digital Health Records? - Wall Street Journal, 1/27/2012

Share

£140,000 Fine for Disclosing Sensitive Data about Children

The Information Commissioner's Office issued fines over five "serious" data breaches involving the disclosure of children's medical and social service data.

One breach involved seven healthcare professions accessing data they had no reason to see.

"Information about children's care, as well as details about their health and wellbeing, is some of the most sensitive information a local authority holds," said Ken Macdonald, Assistant Commissioner for Scotland .

"I hope this penalty acts as a reminder to all organisations across Scotland and the rest of the UK to ensure that the personal information they handle is kept secure." - Assistant Commissioner for Scotland

Information Commissioner's Office (ICO) can assess fines up to £500,000 for breaches of the Data Protection Act.

Sources:
(a) Council fined £140k for multiple child data breaches - PublicService.co.uk, 1/30/2012

Share